The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS,JWE,JWK,JWA,JWT included.
Backward compitable fix for using JWKs in JWT, via #280.
This is the last release before v1.0. In this release, we added more RFCs implementations and did some refactors for JOSE:
We also fixed bugs for integrations:
Breaking Change:
algorithms
in JsonWebSignature
and JsonWebEncryption
are changed. Usually you don't have to care about it since you won't use it directly.none
auth method for authorization code by default.code_verifier
via #216.introspect_token
method on OAuth 2 Client via #224.expires_at
or expires_in
is 0 via #227.In this release, Authlib has introduced a new way to write framework integrations for clients.
Bug fixes and enhancements in this release:
Breaking Change: drop sync OAuth clients of HTTPX.
This is the release that makes Authlib one more step close to v1.0. We did a huge refactor on our integrations. Authlib believes in monolithic design, it enables us to design the API to integrate with every framework in the best way. In this release, Authlib has re-organized the folder structure, moving every integration into the integrations folder. It makes Authlib to add more integrations
easily in the future.
RFC implementations and updates in this release:
New integrations and changes in this release:
authlib.client.aiohttp
has been removedBug fixes and enhancements in this release:
alg
values easily for JWS and JWE.Deprecate Changes: find how to solve the deprecate issues via https://git.io/Jeclj
This is a bug fix version. Here are the fixes:
client.get_allowed_scope
on every grant typesrequest.client
before validate_requested_scope
Released on Sep 3, 2019.
Breaking Change: Authlib Grant system has been redesigned. If you are creating OpenID Connect providers, please read the new documentation for OpenID Connect.
Important Update: Django OAuth 2.0 server integration is ready now. You can create OAuth 2.0 provider and OpenID Connect 1.0 with Django framework.
RFC implementations and updates in this release:
AssertionClient
for the assertion frameworkIntrospectionToken
for introspection token endpointRefactor and bug fixes in this release:
RefreshTokenGrant.revoke_old_credential
methodauthlib.client
, no breaking changesOAuth2Request
, use explicit query and formrequests
to optional dependencyAsyncAssertionClient
for aiohttpDeprecate Changes: find how to solve the deprecate issues via https://git.io/fjPsV
Code Changes: https://github.com/lepture/authlib/compare/v0.11...v0.12
BIG NEWS: Authlib has changed its open source license from AGPL to BSD.
Important Changes: Authlib specs module has been split into jose
, oauth1
, oauth2
, and oidc
. Find how to solve the deprecate issues via https://git.io/fjvpt.
RFC implementations and updates in this release:
Small changes and bug fixes in this release:
Experiment Features: There is an experiment aiohttp
client for OAuth1 and OAuth2 in authlib.client.aiohttp
.
Code Changes: https://github.com/lepture/authlib/compare/v0.10...v0.11